Forum Discussion

Pavan_Gelli1910's avatar
Pavan_Gelli1910
Brass Contributor
Feb 22, 2021

Application Level Security Monitoring

Hi Team,   I have scenario where the application is running on top of webapps and respective application level logs are getting stored in sql database (paas) on specific tables. My requirement is t...
ibnmbodji's avatar
ibnmbodji
Steel Contributor
Feb 22, 2021

Pavan_Gelli1910 

 

Hi 

 

Why don't you simply leverage Azure Defender for App  Service ?  Even if your app is not  running  on app service you can still leverage security events in Defender or Sentinel to get notified and prepare your response at the right time 

https://docs.microsoft.com/fr-fr/azure/security-center/defender-for-app-service-introduction

 

You can also leverage application security detection pack  by using application insights :

https://docs.microsoft.com/en-us/azure/azure-monitor/app/proactive-application-security-detection-pack

Pavan_Gelli1910's avatar
Pavan_Gelli1910
Brass Contributor
Mar 02, 2021
im using the Azure Defender for App service also. But, I have requirement to build some custom correlation rules using the logs generated by the application.
  • ibnmbodji's avatar
    ibnmbodji
    Steel Contributor
    Mar 07, 2021
    Hi
    You can leverage workspace-basd resources to have custom logs and cutom queries . I think it's the best way to do it unless the specified logs you want are not supported by app insights .
    The doc said :
    Workspace-based resources support full integration between Application Insights and Log Analytics.You can now choose to send your Application Insights telemetry to a common Log Analytics workspace, which allows you full access to all the features of Log Analytics while keeping application, infrastructure, and platform logs in a single consolidated location.
    Reference : https://docs.microsoft.com/en-us/azure/azure-monitor/app/create-workspace-resource